M365 Monitored Alerts
These are the alerts collected and monitored by Augmentt
Name | Category | Severity | Description | Source | Licensing |
Add App Role Assignment Grant To user | Application Management | Low | User has been granted app role assignment | Audit Log | Basic (non-P1) |
Add App Role Assignment To Service Principal | Application Management | Low | Service principal has been granted app role assignment | Audit Log | Basic (non-P1) |
Add Application | Application Management | Low | An application was added to Azure | Audit Log | Basic (non-P1) |
Add Delegated Permission Grant | Application Management | Low | User was granted delegated permission | Audit Log | Basic (non-P1) |
Add Owner | Application Management | Low | An owner was added to the application | Audit Log | Basic (non-P1) |
Add Service Principal | Application Management | Low | A service principal was added | Audit Log | Basic (non-P1) |
Add Service Principal Credentials | Application Management | Medium | Service principal credentials were added | Audit Log | Basic (non-P1) |
Consent To Application | Application Management | Medium | A application was consented to | Audit Log | Basic (non-P1) |
Remove Delegated Permission Grant | Application Management | Low | Delegated permission grant was removed | Audit Log | Basic (non-P1) |
Update Application | Application Management | Low | An application was updated | Audit Log | Basic (non-P1) |
Update Application Certificates And Secrets Management | Application Management | Medium | Application certificates and secrets management were updated | Audit Log | Basic (non-P1) |
Update Service Principal | Application Management | Low | A service principal was updated | Audit Log | Basic (non-P1) |
Add A Partner To Cross Tenant Access Setting | Cross Tenant Access Settings | High | A partner was added to cross tenant access settings | Audit Log | Basic (non-P1) |
Add Device | Device | Low | A device was added | Audit Log | Basic (non-P1) |
Device No Longer Compliant | Device | Low | A device is no longer compliant | Audit Log | Basic (non-P1) |
Device No Longer Managed | Device | Medium | A device is no longer managed | Audit Log | Basic (non-P1) |
Register Device | Device | Low | A device was registered | Audit Log | Basic (non-P1) |
Remove Member From Group | Group Management | Low | A member was removed from a group | Audit Log | Basic (non-P1) |
Remove Owner From Group | Group Management | Low | Owner was removed from a group | Audit Log | Basic (non-P1) |
Update Policy | Policy | Low | A policy was updated | Audit Log | Basic (non-P1) |
Delete Conditional Access Policy | Policy | High | Conditional Access Policy was deleted | Audit Log | Basic (non-P1) |
Delete Policy | Policy | Medium | A policy was deleted | Audit Log | Basic (non-P1) |
Update Conditional Access Policy | Policy | Medium | Conditional Access Policy was updated | Audit Log | Basic (non-P1) |
Update Authorization Policy | Policy | Medium | Authorization Policy was updated | Audit Log | Basic (non-P1) |
Add Member To Role Outside of PIM permanent | Resource Management | High | A member was added to a role outside of PIM | Audit Log | Basic (non-P1) |
Triggered PIM Alert | Resource Management | High | A PIM alert was triggered | Audit Log | Basic (non-P1) |
Update Role | Role Management | Medium | A role was updated | Audit Log | Basic (non-P1) |
Add User | User Management | Low | A new user was added | Audit Log | Basic (non-P1) |
Admin Deleted Security Info | User Management | High | An admin deleted their security info | Audit Log | Basic (non-P1) |
Admin Registered Security Info | User Management | Low | An admin registered their security info | Audit Log | Basic (non-P1) |
Change Password Self-Service | User Management | Low | A self-service password change was initiated | Audit Log | Basic (non-P1) |
Change User License | User Management | Low | User license changes applied | Audit Log | Basic (non-P1) |
Change User Password | User Management | Low | A user changed their password | Audit Log | Basic (non-P1) |
Enable Account | User Management | Low | An account was enabled | Audit Log | Basic (non-P1) |
Disable Account | User Management | Low | An account was disabled | Audit Log | Basic (non-P1) |
Invite External User | User Management | Low | An external user was invited | Audit Log | Basic (non-P1) |
Redeem External User Invite | User Management | Low | An external user redeemed invitation | Audit Log | Basic (non-P1) |
Reset Password by Admin | User Management | Medium | A password was reset by admin | Audit Log | Basic (non-P1) |
Reset Password Self-Service | User Management | Low | A password was reset by SSPR | Audit Log | Basic (non-P1) |
Reset User Password | User Management | Low | User password was reset | Audit Log | Basic (non-P1) |
User Changed Default Security Info | User Management | Low | A user changed the default security info | Audit Log | Basic (non-P1) |
User Deleted Security Info | User Management | Low | A user deleted their security info | Audit Log | Basic (non-P1) |
Disable Strong Authentication | User Management | High | Strong authentication was disabled | Audit Log | Basic (non-P1) |
Set Verified Publisher | User Management | Low | Set verified publisher | Audit Log | Basic (non-P1) |
Risky Sign-in Inside Country | Sign-in Risk | Low | Entra Risky Activities | AAD P1 | |
Risky Sign-in Outside Country | Sign-in Risk | High | Entra Risky Activities | AAD P1 | |
Impossible travel activity | impossible travel | Variable | Zis eez not possibru | Entra Risky Activities | AAD P1 |
Atypical travel | impossible travel | Variable | Entra Risky Activities | AAD P1 |